hxxps://search[.]saveturtletab[.]com/search?p=hello!

Resubmissions

19-04-2024 15:25

240419-strmsagf6v 1

19-04-2024 15:22

19-04-2024 15:20

18-04-2024 20:47

18-04-2024 20:36

Analysis

max time kernel
209s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://search.saveturtletab.com/search?p=hello!

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580139472535520"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2764 chrome.exe
2764 chrome.exe
528 chrome.exe
528 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

Processes:

chrome.exe

pid	process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2764 wrote to memory of 1232	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 1232	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 224	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 4876	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 4876	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe
PID 2764 wrote to memory of 3116	2764	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://search.saveturtletab.com/search?p=hello!
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0581ab58,0x7ffb0581ab68,0x7ffb0581ab78
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:2
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:8
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:8
2⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4244 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3912 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:8
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:8
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3416 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3420 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:8
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:8
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5260 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4780 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5672 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5484 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1840 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5740 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1840 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4384 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6136 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5996 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6000 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5316 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6060 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5776 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6004 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6040 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6004 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6068 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4360 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5812 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5956 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4380 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5800 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5732 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5600 --field-trial-handle=1900,i,8075669479324318275,11162642091196285973,131072 /prefetch:1
2⤵
PID:528

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2540

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9d7b9c8b-c97b-4023-a196-44e4ccdca34d.tmp
Filesize
11KB

MD5
9bcd7f80a7261c0e54ec168451639054

SHA1
43f7de65c11e21d90341faad8bc5458b56145779

SHA256
0a162deb5162de58d829d96a226bfaac217ba8bb828c3a73bb210fdb5b961f19

SHA512
4ac0d6d7ef14a27aa53f7133cdb274db905876cad18035d610a230af71a6ad70be65dac0679cf3efc4f0387707940813c54ef0ff99e8dc90d73b8578bad6d749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
96caf88cb26d1d397bb8e3e39f67cc59

SHA1
93f335e1751defb7b2514f4de1492b6f0560053e

SHA256
300750e091aced61721adbbe55c3a96e14d63416cb621bd5da007e943c745c67

SHA512
4e011bec6756c6dee57c98568bd5ecfa60379007e8854ed8910065993d221fecf508e5cfdd694e616c00e1dd04a4f0692f9457c4977cb68dcda085bdf1ae152e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
92db371769d5ae5e8d1a36da29c36e80

SHA1
3b4835864e29e2aafae1db638ee3d68c96386feb

SHA256
71db8aa696d4b107e4413a2b1482abed7a0e4ee6e46a2a4f0f4e3b46e1cb383d

SHA512
7a8650a2f8b966b7bced9b35c13f16ff44c00302edb263fe3b34ed740b760f743139af905204fc208f82fd7e3bec36a25e5abfd51b099d81d5f955838e17fe31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
e74191cb9c90a7414439aa0bf1684057

SHA1
a3ab93a5820d1c19a714fc6de82e3a87d559bf04

SHA256
3a5ed79a45accbc558ee79cd0843d6e77c5da43fe0ef2bcb03e0f8055dc591a5

SHA512
4de36702e5a242790d16bcf200f593f0a7e6b9f6b8c71a555a7dfbecfe2b719b46d16049846c5a1ba03381eeafacf96613ef1aab689cbc9b4449a4ff46f9f6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
4afc892d1eaf72ff19f68bee1bf31312

SHA1
59976cdd51f0967be5667ada4f72f55cdaa8dfe7

SHA256
a9b3894c657349b8ef9eafe69b9e21b8629844dab7570425bf5ef6e7535def64

SHA512
7e8761372c17b60d5c083017bb42ffb3f76d8950f3dc9d023bcbf5e7a9010f1fd1d616674404178268d612147e2636d143dcafea8e6f68bfcdc54c9deebfcf03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d090c4aebced75e54cb6deb019dc24b6

SHA1
ada7861258c22a200b9e0ea5d54af6bdaba7c415

SHA256
85799c61861010286a6d1c2ff19962a16a360d339d34e6cb16e13f533b532c64

SHA512
f56c0e2b5b9c5d7023fd65c6cf730b8a45fe2279f5fd01be58a9c8861a6f12ad534016bc289532806cc9d62991394b6cd818c314b533532c311553d715d360b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
ba960f5aed6371ccb4abff88f4a3d23b

SHA1
3d4ffadfae53e9442aba08f9fe7c09e888291178

SHA256
0ada2b87396f16c4c2c1d39a917dd5d5939a678ce45a6d7038d796c21ad25644

SHA512
f55e62aaaaafde2345d184827d520f7cc1d753a7a2786278f1758b2b583d39c121954bb0988ff965c38ed98e4d82aa5bb3ec3ae47f25c7f96155e57d2462583b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5a240c7c1ac4281680cff7195bae2c97

SHA1
af20ec6826e7ceff4d462e3d3d64f592b3e43ec8

SHA256
0e486c3872697461761d4b77e08cfd98b38a9f7f76133d006179d2ed64bf2686

SHA512
65374ba6b2edd5baa0943a3156f4ca1e04eb471e8d320c5c8d73e7869c526eb5dabc3b3518f91974a930b974a9f3354461c6378da6d0e179fe63c83834faace1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
67a83fc873cc8e0a656c8250e03176a6

SHA1
a05980ffeb8d1bfa07e8ece91c18616f5f3adec7

SHA256
08370b906e0a27eacdb6f11b717cf58827f308847b8bb6d1aeacd84b52e129fc

SHA512
83051b6c9dcb82cdbd910355ce2fa6a4d2282344c78ff82b80e28c07f38e8e1873c1aed5d14511539fef326fbce821a5b2d2871f8f3fc3217ed81c30467dfbfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
00477671bb1a02e45db89ec0d1092447

SHA1
2f203021a6400d883567db6d2fc4dc24747e76b1

SHA256
b9c684e64606e1a53578a2f1ded32e7377246cf24f6f3190770dcc3e3c92868b

SHA512
e43c09d963cd16a03c143b0a69555c415d1117730dd00f34b9cf0a0f4371b9dfbe0d6885a6bb10a9732ab460addc30572ffb25141ca233624b48f7965ff2de8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
44530adbd44fe9623dccb5b264d97365

SHA1
50b3053c8014421a7171a13bfb629767e4bc0cb9

SHA256
5a0baaf852223b589f1c1fdbb1207590a7ef1e5fc47a76631611f64108d51bfa

SHA512
f5f8f23141ff4e8a3689c2aab0224a017164c02bfcd14830b648918379041aa016a81e6890f08bd0939e9c0081a451455f867904102352a1823144e225a0b0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
b6e1f6c17507ad7a1cbd1acff6c593c7

SHA1
60ce299b164206e755da5c06dedc5479b0a0e35d

SHA256
e8e3b790231ad7fab0ceb6fe6ac08b46efbc05210275ebaba0ade27d5d3598c3

SHA512
b305fa512ab7c375134056ac075ccd697c87e9120cf8bab50b2cb8dd8c22e8502de3ea8a6af027d1cf7941f4f4172b1893f15be7153bea576178f8f1818a77b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
217f8be21f009a642d16b032644d20b3

SHA1
6a2b9cdc733a72de2945ae3910ad6ec71a0331ef

SHA256
1cfbcf7bfac9efbefb808c1fafee48b2469f076af94fd62a9bc4ce5a39336517

SHA512
252ea7fc36c5566d37c9acd21559b407e726218065fee8986ae60029d4abed7ab8330304c990a2f506d689e548331a4f7f996981e4f49ed1879075e6b512b2f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
c9dc67b329493409b7df95c9f8da2b38

SHA1
14da424c57b1ea83c541019647409081f2ecb166

SHA256
6e5967fd73c41ec4393a116ce0a6998b3ed232409a73eee9f9b9f1460b507ead

SHA512
4783974fa7359c9ebad896738269fdc1e52b5b9f01ebaeba41d2b8dc4425b4782d7bc1bbbc78c16b86c611492c3a3ea7b3fffde27bfab3a2e02aa4f53ab1061c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
9b98d24bbbc71af79d8e50d1b62c6e28

SHA1
7f9c22ae07462cb72dd479fc5e0b3c932351a8aa

SHA256
75a6078c215bd8147290017cc91130e8d38f428d84b1fe99e350a9b8d005ae78

SHA512
f805dbf249542306273cceb68df99ca0ad1e029b1391b88c9ffcfce3eaa696efbed44f09892b1f6a9267ea498f2648ab3cc4900502c5226649b3a71d89e36ddd

Download Submit
\??\pipe\crashpad_2764_ULOLPPSHAKHAXQKD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit